AWS allow user to call create-role

6

3

When trying to create a role http://docs.aws.amazon.com/vm-import/latest/userguide/import-vm-image.html I run into the following error: (AccessDenied) when calling the CreateRole operation: User: arn:aws:iam::806409516843:user/<username> is not authorized to perform: iam:CreateRole on resource: arn:aws:iam::806409516843:role/vmimport.

I have tried reading the docs and doing many Google searches on the subject but can't seem to find a way to allow my user to create a role. Please help.

CyberGeek.exe

Posted 2016-12-25T15:15:40.360

Reputation: 164

Answers

9

If you have root access to your account, you can just write your own policy and attach it to the user (AWS Console => IAM => Users => Add inline policy). Here is an example:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1482712489000",
            "Effect": "Allow",
            "Action": [
                "iam:CreateRole"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}

Sergey Kovalev

Posted 2016-12-25T15:15:40.360

Reputation: 326

Thanks. Found another solution but this works – CyberGeek.exe – 2016-12-26T00:53:42.697

3 @CyberGeek.exe, if you have time, could you post the alternate solution? – Matthew – 2017-09-03T15:36:47.710

1 I also had to add "iam:AttachRolePolicy" to the "Action" field. And I removed "Sid" as I don't know why it is needed and what to put there, but without it skill works perfectly. – rightaway717 – 2018-05-04T08:11:55.650
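
An added example, not part of the original answer or its comments: the policy above allows its IAM actions on every resource ("Resource": "*"), while the error in the question names one role ARN. The Python below flags such wildcard IAM grants in a policy document and rewrites the two actions named on this page so they apply only to that role; the function names are hypothetical and the sample policy is constructed from the answer and the comment.

```python
import copy
import json

ROLE_ARN = "arn:aws:iam::806409516843:role/vmimport"  # from the question's error message
ROLE_ACTIONS = {"iam:createrole", "iam:attachrolepolicy"}  # actions named on this page

# Constructed input: the answer's policy plus the action from the comment, Sid omitted.
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow",
                   "Action": ["iam:CreateRole", "iam:AttachRolePolicy"],
                   "Resource": ["*"]}],
}

def _as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Resource."""
    return list(value) if isinstance(value, (list, tuple)) else [value]

def _allows_on_wildcard(stmt):
    return stmt.get("Effect") == "Allow" and "*" in _as_list(stmt.get("Resource", []))

def wildcard_iam_grants(policy):
    """Return (statement index, action) pairs that allow IAM actions on Resource "*"."""
    return [(i, action)
            for i, stmt in enumerate(_as_list(policy["Statement"]))
            if _allows_on_wildcard(stmt)
            for action in _as_list(stmt.get("Action", []))
            if action == "*" or action.lower().startswith("iam:")]

def scope_to_role(policy, role_arn):
    """Return a copy in which the role actions are limited to role_arn."""
    scoped = copy.deepcopy(policy)
    statements = []
    for stmt in _as_list(scoped["Statement"]):
        actions = _as_list(stmt.get("Action", []))
        role_actions = [a for a in actions if a.lower() in ROLE_ACTIONS]
        if not (_allows_on_wildcard(stmt) and role_actions):
            statements.append(stmt)
            continue
        other = [a for a in actions if a.lower() not in ROLE_ACTIONS]
        if other:  # keep unrelated actions exactly as they were granted
            statements.append({**stmt, "Action": other})
        base = {k: v for k, v in stmt.items() if k != "Sid"}  # Sid must stay unique
        statements.append({**base, "Action": role_actions, "Resource": [role_arn]})
    scoped["Statement"] = statements
    return scoped

if __name__ == "__main__":
    print("wildcard IAM grants:", wildcard_iam_grants(BROAD_POLICY))
    print(json.dumps(scope_to_role(BROAD_POLICY, ROLE_ARN), indent=4))
```

The JSON it prints can be pasted as the inline policy in place of the wildcard version.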

0

I went with AttachPolicy (to a group but I suppose you could do it to a single user as well) and attached AdministratorAccess. This may later be revealed to be a poor choice but I figured it would cover me for anything else I need to do.

Bowie Owens

Posted 2016-12-25T15:15:40.360

Reputation: 123